On Thu, 2018-03-29 at 03:37 +0000, Aaron Were wrote:
> Oh, I remember now, I couldn't get OpenVPN working on MT, and IPSec VPNs were/are blocked by Telstra on the fiber port. We're looking at a new ISP though, so thanks for the write-up!

Wait - you were paying Telstra for a fibre port and they blocked VPNs? I can see why you would change ISPs.

> It's the per-hour of availability pricing that got me. Can't use it for anything else either, whereas an EC2 instance is remarkably flexible.

Right - but that doesn't address the low bandwidth on pretty much any mid to small instance type. If you run lots of traffic then the crypto load will burn your CPU credits too, and then the CPU limits will lower the VPN throughput. T2 Unlimited will quickly chew up the difference between any small instance type and an AWS VPN.

Nor does it address the maintenance issue, or the fact that you are running a security service on a general-purpose machine. Bad idea, IMHO :-)

Moderate-to-low traffic requirements are all an in-instance VPN can handle unless you run it on something stonkingly large and/or expensive. Most instance types have limits well below 1Gb/s. WELL below. An AWS Hardware VPN can shift 4Gb/s for the price (roughly) of a t2.medium.

AWS seems a bit cagey about bandwidth generally, but a bit of googling will get you various people's test results.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@nullarbor.com.au)                   work +61 2 64957435
http://www.nullarbor.com.au                        mobile +61 428 957160

GPG fingerprint: 8454 EE43 6215 B6DD 1B4D 9D8D 984D 7BA1 7378 A38D
Old fingerprint: 58F8 09D4 97E4 D74A 0940 44BC 8D6D C28C 3BC9 B0CB